fix: session not persisting

This commit is contained in:
grandeljay 2023-12-17 12:43:59 +01:00
parent 3520d1ca23
commit d50d4b0aab
3 changed files with 22 additions and 8 deletions

View file

@ -52,7 +52,6 @@ if (file_exists($configPath)) {
session_start( session_start(
array( array(
'name' => 'wishthis', 'name' => 'wishthis',
'cookie_lifetime' => \ini_get('session.gc_maxlifetime') ?: 1440,
) )
); );

View file

@ -249,7 +249,7 @@ class User
*/ */
public function isLoggedIn(): bool public function isLoggedIn(): bool
{ {
if (!isset($_COOKIE['wishthis'])) { if (!isset($_COOKIE['wishthis'], $_COOKIE['wishthis_session'])) {
return false; return false;
} }
@ -267,7 +267,7 @@ class User
FROM `sessions` FROM `sessions`
WHERE `session` = :session', WHERE `session` = :session',
array( array(
'session' => $_COOKIE['wishthis'], 'session' => $_COOKIE['wishthis_session'],
) )
) )
->fetch(); ->fetch();
@ -447,6 +447,9 @@ class User
session_destroy(); session_destroy();
unset($_SESSION); unset($_SESSION);
/** Delete cookie */
\setcookie('wishthis_session', '', time() - 3600);
} }
public function delete(): void public function delete(): void
@ -554,13 +557,16 @@ class User
public function refreshSession(int $forUser = 0): void public function refreshSession(int $forUser = 0): void
{ {
$sessionId = $_COOKIE['wishthis']; $sessionId = $_COOKIE['wishthis_session']
$sessionDurationSeconds = \ini_get('session.gc_maxlifetime') ?: 1440; ?? \password_hash(\bin2hex(\random_bytes(32)), \PASSWORD_BCRYPT);
$sessionDurationSeconds = 1440;
if ($this->stayLoggedIn) { if ($this->stayLoggedIn) {
$sessionDurationSeconds = 31104000; // One year $sessionDurationSeconds = 7776000; /** Three months */
} }
$sessionExpires = time() + $sessionDurationSeconds;
if (0 === $forUser) { if (0 === $forUser) {
$forUser = $this->id; $forUser = $this->id;
} }
@ -573,6 +579,10 @@ class User
); );
$database->connect(); $database->connect();
/** Create cookie */
\setcookie('wishthis_session', $sessionId, $sessionExpires, '/');
$_COOKIE['wishthis_session'] = $sessionId;
/** Delete outdated sessions */ /** Delete outdated sessions */
$database $database
->query( ->query(
@ -602,7 +612,7 @@ class User
WHERE `session` = :session WHERE `session` = :session
AND `user` = :user', AND `user` = :user',
array( array(
'expires' => date('Y-m-d H:i', time() + $sessionDurationSeconds), 'expires' => date('Y-m-d H:i', $sessionExpires),
'session' => $sessionId, 'session' => $sessionId,
'user' => $forUser, 'user' => $forUser,
) )

5
src/update/1-1-1.sql Normal file
View file

@ -0,0 +1,5 @@
/**
* Sessions
*/
ALTER TABLE `sessions`
CHANGE COLUMN `session` `session` VARCHAR(60) NOT NULL;